1. Field
This disclosure is generally related to user authentication. More specifically, this disclosure is related to a method and system for implicitly authenticating a user to access a controlled resource based on contextual data indicating the user's behavior as well as the user's input.
2. Related Art
A mobile Internet device (MID) is a multimedia-capable handheld computer providing wireless Internet access. MIDs are designed to provide entertainment, information and location-based services for personal use. As the market for MIDs expands, mobile commerce (also known as M-commerce) is experiencing rapid growth. There is a trend toward hosting applications and services on the Internet. This results in increased demand for Internet authentication—whether of devices, computers or users. Moreover, the use of digital rights management (DRM) policies will likely increase the need for frequent authentications. Some of such authentications may happen simultaneously due to the increased use of mashups.
On the other hand, the shift toward greater market penetration of MIDs complicates password entry due to the limitations of MID input interfaces. Typing passwords on mobile devices, such as an iPhone™ or a BlackBerry™, can become a tedious and error-prone process.
Single sign-on (SSO) is an authentication mechanism to control the access of multiple, related, but independent software applications and services. With SSO, a user logs in once and gains access to all applications and services without being prompted to log in again for each of them. SSO addresses the problem of frequent authentications. However, SSO does not defend against theft and compromise of devices because it only vouches for the identity of the device, not its user.